<?php 

/*
	---------------------------------------------------------------------
	When the user logs in, the login is sent via POST to the index and
	processed.  Login and Password are concatinated and then Base64
	encoded.  That value is then stored into a single session value.
	
	This isn't the most secure method, but it saves the values from being
	stored openly in the session cookie.  Eventually I'll probably replace
	this with something more secure, like a hash value or something.
	
	The values are then read back out of the session and validated against
	the auth database.
	
	Currently, an auth database doesn't exist.  Using a hard coded array
	until something better can be written.
	
	To log back out of the system, call "index.php?logout" and the sid
	value will be dumped, putting the user at the home screen again.

	---------------------------------------------------------------------
*/

if (file_exists('local_config.php')) include_once('local_config.php');
else include_once('local_config.default.php');

session_start();

if (isset($_POST['login'])) {
	$loginVal = $_POST['login'];
	$passVal = $_POST['password'];

	if (isset($AUTHENTICATION_DATA[$loginVal]) && $AUTHENTICATION_DATA[$loginVal] == $passVal) {
		$_SESSION['sid'] = base64_encode("$loginVal $passval");
		$_SESSION['acct'] = $loginVal;
	} else {
		$AUTH_LOGINFAILED = true;
	}

}

if (isset($_GET['logout'])) {
	unset($_SESSION['sid']);
}

if (!isset($_SESSION['sid'])) {
	$AUTH_LOGINVALID = false;
} else {
	$AUTH_LOGINVALID = true;  //temporary until I can write the code to check it
	if (isset($DEMO_ACCOUNT)) $MUSIKER_DEMOMODE = ($_SESSION['acct']==$DEMO_ACCOUNT);
}